Docusign
Sr. Manager, Security Third Party Risk Product Management
Docusign, Chicago, Illinois, United States, 60290
Overview
Docusign is hiring a Senior Manager, Security Third Party Risk Product Management (TPRM) to define and lead our enterprise-wide vendor, partner, and ecosystem security risk program. This role is accountable for shaping TPRM as a product while combining strategic vision with hands-on execution, and it requires close partnership with leaders across Security, GRC, Legal, Compliance, Finance, and Procurement. This position reports to the Director of Security Product Risk Management. Responsibilities
Define and drive the TPRM roadmap and strategy - evolving the program into a scalable, productized capability Lead, mentor, and grow a high-performing Third-Party Risk Management team responsible for driving third party risk assessments, continuous monitoring and incident support Partner with GRC Engineering to design and integrate automation and continuous monitoring tools (e.g., BitSight, SecurityScorecard) into third party workflows Embed security risk requirements into procurement, legal and contracting processes Oversee technical integration reviews for SaaS, APIs, cloud platforms, and data-sharing workflows Ensure fourth-party and ecosystem dependency risks are incorporated into TPRM processes Develop insights, dashboards and reporting that provide executive visibility into vendor, fourth-party and ecosystem risk Partner with Product Security, Vulnerability Management and Incident Response to ensure vendor-related vulnerabilities and incidents are effectively resolved Represent TPRM as a product and capability to leadership, customers, and stakeholders Qualifications
Basic
8+ years of experience in third-party/vendor security risk management, supply chain risk, security or GRC Demonstrated people management experience of 5+ years with a track record of leading and developing risk management teams Bachelor’s or Master’s degree in Information Security, Risk Management, Analytics, or related field Experience with TPRM methodologies, frameworks, and regulations (e.g., SIG, CSA, ISO 27036, NIST 800-161, DORA) Experience with managing risks associated with SaaS, APIs, cloud services and architectures, and supply-chain ecosystems Proven ability to define and deliver roadmaps, evolving manual TPRM program into an automated, scalable product Hands-on knowledge of TPRM tools and continuous monitoring platforms (BitSight, SecurityScorecard, ServiceNow, OneTrust, Process Unity, etc.) Experience supporting vendor-related security incidents Preferred
Strong communication and executive presence, with ability to brief senior leadership Ability to partner effectively with varying business stakeholders with differing priorities Advanced degree or two or more certifications (CRISC, CTPRP, CISM, CISSP, CISA) Experience scaling global TPRM programs across diverse regulatory environments Strong knowledge of security and privacy frameworks (SOC 2, ISO 27001, NIST CSF, GDPR, FedRAMP) Familiarity with cloud-native architectures, SaaS security, API integrations, and shared responsibility models Experience developing executive dashboards, scorecards, and reporting for board-level discussions Track record of building trusted partnerships with senior stakeholders across the enterprise - especially with Compliance, Legal, Security, Procurement Benefits
Paid Time Off: earned time off, as well as paid company holidays based on region Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment Retirement Plans: select retirement and pension programs with potential for employer contributions Learning and Development: options for coaching, online courses and education reimbursements Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events Equal Opportunity Employer: Docusign is an Equal Opportunity Employer and makes hiring decisions based on experience, skill, aptitude and a can-do approach. We will not discriminate based on race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, disability, veteran or military status, or any other legally protected category.
#J-18808-Ljbffr
Docusign is hiring a Senior Manager, Security Third Party Risk Product Management (TPRM) to define and lead our enterprise-wide vendor, partner, and ecosystem security risk program. This role is accountable for shaping TPRM as a product while combining strategic vision with hands-on execution, and it requires close partnership with leaders across Security, GRC, Legal, Compliance, Finance, and Procurement. This position reports to the Director of Security Product Risk Management. Responsibilities
Define and drive the TPRM roadmap and strategy - evolving the program into a scalable, productized capability Lead, mentor, and grow a high-performing Third-Party Risk Management team responsible for driving third party risk assessments, continuous monitoring and incident support Partner with GRC Engineering to design and integrate automation and continuous monitoring tools (e.g., BitSight, SecurityScorecard) into third party workflows Embed security risk requirements into procurement, legal and contracting processes Oversee technical integration reviews for SaaS, APIs, cloud platforms, and data-sharing workflows Ensure fourth-party and ecosystem dependency risks are incorporated into TPRM processes Develop insights, dashboards and reporting that provide executive visibility into vendor, fourth-party and ecosystem risk Partner with Product Security, Vulnerability Management and Incident Response to ensure vendor-related vulnerabilities and incidents are effectively resolved Represent TPRM as a product and capability to leadership, customers, and stakeholders Qualifications
Basic
8+ years of experience in third-party/vendor security risk management, supply chain risk, security or GRC Demonstrated people management experience of 5+ years with a track record of leading and developing risk management teams Bachelor’s or Master’s degree in Information Security, Risk Management, Analytics, or related field Experience with TPRM methodologies, frameworks, and regulations (e.g., SIG, CSA, ISO 27036, NIST 800-161, DORA) Experience with managing risks associated with SaaS, APIs, cloud services and architectures, and supply-chain ecosystems Proven ability to define and deliver roadmaps, evolving manual TPRM program into an automated, scalable product Hands-on knowledge of TPRM tools and continuous monitoring platforms (BitSight, SecurityScorecard, ServiceNow, OneTrust, Process Unity, etc.) Experience supporting vendor-related security incidents Preferred
Strong communication and executive presence, with ability to brief senior leadership Ability to partner effectively with varying business stakeholders with differing priorities Advanced degree or two or more certifications (CRISC, CTPRP, CISM, CISSP, CISA) Experience scaling global TPRM programs across diverse regulatory environments Strong knowledge of security and privacy frameworks (SOC 2, ISO 27001, NIST CSF, GDPR, FedRAMP) Familiarity with cloud-native architectures, SaaS security, API integrations, and shared responsibility models Experience developing executive dashboards, scorecards, and reporting for board-level discussions Track record of building trusted partnerships with senior stakeholders across the enterprise - especially with Compliance, Legal, Security, Procurement Benefits
Paid Time Off: earned time off, as well as paid company holidays based on region Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment Retirement Plans: select retirement and pension programs with potential for employer contributions Learning and Development: options for coaching, online courses and education reimbursements Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events Equal Opportunity Employer: Docusign is an Equal Opportunity Employer and makes hiring decisions based on experience, skill, aptitude and a can-do approach. We will not discriminate based on race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, disability, veteran or military status, or any other legally protected category.
#J-18808-Ljbffr